[lug] Linux Partition Sizes

Bear Giles bgiles at coyotesong.com
Thu Apr 18 17:09:34 MDT 2002


> Having never set up a server before (as opposed to a workstation), I'm
> not sure how much space to devote to each partition.

Uh oh, that's one of those questions where if you ask 4 people you'll
get 6 opinions and 2 fist-fights.

> Here are my thoughts:
> 
> /boot:	This only needs to be 8MB.
> /:	Should be fairly large.
> /var
> /usr:	I guess this and /var should have the lion's share.
> /home:	1GB at the *very* most, since there won't really be any users
> 	logging on for anything other than deploying stuff.

You're thinking like a workstation, not a server.

You want a separate partition for anything that can be written to by
either users or daemons.  I've found it useful to have a separate
(and sizeable)

 /tmp

 /var/tmp (possibly in large /var)

and 

 /var/log

partitions.  /var/log, in particular, should always have an embarrassing
excess of free space.

Plus separate partitions for every service.  This is typically

 /var/spool/mail - if you have user mail spools  (may be /var/mail)

 /var/spool/lpr  - if you have printers

 /var/spool/news - if you have news

 /var/www        - if you have web server

 /var/lib/postgres - if you have database

and so forth.  The exact partitions depend on your package and
distribution.

The reason for the separate partitions is partly to limit damage if
you get mailbombed or newsbombed or whatever, partly to make it easy
to blow away the OS and rebuild the system if you have problems.
Your application data is already separate - all you need to worry
about is grabbing the configuration information out of /etc.

Other good partitions are

 /usr/src  - if you build kernels locally

 /usr/local - if you install local packages
 /opt

Finally, I've found myself increasingly frustrated at the long
release time for packages (for Debian, admittedly) and am now
maintaining a basic system in /usr with standard packages, and
building my own services in /opt.  This allowed me to immediately
update ssh when the last exploit was discovered.  This isn't as
convenient as updating against a security package repository, but
it does make it easy to really tune the servers to my need.
(E.g., my apache is built with mod_ssl and mod_jk, something you
won't find in the standard package.)

The final thing to consider is whether you want to have the flexibility
to change mount options on some partitions.  It doesn't give you a
lot more security to mount /usr readonly, but you might decide it's
worth the effort.

Bear
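
An added example, not part of the original post: a small Python check that reads a mount table in /proc/mounts format and reports, for the directories named in the message, whether each sits on its own filesystem or shares one with a parent, and whether that filesystem is mounted read-only. The sample table, device names and filesystem types are constructed, and the function names are this example's own.

```python
import os, sys

# Directories named in the message as candidates for their own partition.
WANTED = ["/tmp", "/var/tmp", "/var/log", "/var/spool/mail", "/var/www",
          "/var/lib/postgres", "/usr/local", "/opt"]

# Constructed sample in /proc/mounts format: device, mount point, type, options.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda5 /usr ext3 ro 0 0
/dev/sda6 /var ext3 rw 0 0
/dev/sda7 /var/log ext3 rw 0 0
/dev/sda8 /tmp ext3 rw 0 0
/dev/sda9 /opt ext3 rw 0 0
"""

def parse_mounts(text):
    """Return {mount_point: set_of_options}; later entries shadow earlier ones."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # /proc/mounts escapes a space inside a path as \040
            table[fields[1].replace("\\040", " ")] = set(fields[3].split(","))
    return table

def owning_mount(path, table):
    """Longest mount point that is a whole-component prefix of path."""
    path = os.path.normpath(path)
    hits = [m for m in table
            if m == "/" or path == m or path.startswith(m.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None

def audit(table, wanted=WANTED):
    """Map each directory to (owning mount, has own filesystem, mounted ro)."""
    report = {}
    for d in wanted:
        mnt = owning_mount(d, table)
        report[d] = (mnt, mnt == d, mnt is not None and "ro" in table[mnt])
    return report

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MOUNTS
    for d, (mnt, own, ro) in audit(parse_mounts(text)).items():
        state = "own filesystem" if own else "shares " + str(mnt)
        print(f"{d:18} {state:18} {'ro' if ro else 'rw'}")
```

Passing /proc/mounts as the argument audits the running system instead of the sample table.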


